The digest should be called on credentials, not on what's picked up from
the database. That would already be digested. Here is the patch for
JDBCRealm.java:

---
jakarta-tomcat-3.3-src-original/src/share/org/apache/tomcat/modules/aaa/JDBC
Realm.java      Wed Feb 28 06:10:16 2001
+++
jakarta-tomcat-3.3-src/src/share/org/apache/tomcat/modules/aaa/JDBCRealm.jav
a       Tue Apr 10 12:27:59 2001
@@ -284,7 +284,7 @@
                         return true;
                     }
                 } else {
-                    if (credentials.equals(digest(rs1.getString(1),
digest))) {
+                    if (rs1.getString(1).equals(digest(credentials,
digest))) {
                         if (debug >= 2)
                            
log(sm.getString("jdbcRealm.authenticateSuccess", u
sername));
                         return true;
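Review bot: On the new `+` line, `rs1.getString(1)` becomes the receiver of `.equals(...)`, so a row whose password column is SQL NULL now throws a NullPointerException instead of simply failing authentication. Read the column into a local and treat null as a failed login before comparing, for example `String stored = rs1.getString(1);` followed by `if (stored != null && stored.equals(digest(credentials, digest)))`. `String.equals` is also case-sensitive, so the stored value has to use exactly the encoding and letter case that `digest(...)` returns; a short comment stating that requirement next to the comparison would help whoever populates the table.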

Bojan
